wader/fq
1
1
Fork 0
mirror of https://github.com/wader/fq.git synced 2024-12-19 03:11:41 +03:00
Code Issues Projects Releases Wiki Activity
70f174a8b5
fq/format/inet/testdata/tls12-ipv4-linkframe-keylog.pcapng.fqtest
Mattias Wadman 051a70bd4b interp: Change bit ranges to use exclusive end 
All other ranges and slicing uses exclusive end so i think it make sense
to make it consistent.

Update docs and add additional example for non-byte-aligned field.

Also fixes issue showing zero bit ranges as start-NA.
2023-10-20 15:37:26 +02:00

101 lines
10 KiB
Plaintext
Raw Blame History

# tls12-dsb.pcapng from https://gitlab.com/wireshark/wireshark/-/tree/master/test/captures
$ fq 'first(grep_by(.type=="enhanced_packet")), .[0].tcp_connections | dv' tls12-ipv4-linkframe-keylog.pcapng
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.[0].blocks[3]{}: block 0x12c-0x268 (316)
0x120| 06 00 00 00| ....| type: "enhanced_packet" (0x6) (Enhanced Packet Block) 0x12c-0x130 (4)
0x130|3c 01 00 00 |<... | length: 316 0x130-0x134 (4)
0x130| 00 00 00 00 | .... | interface_id: 0 0x134-0x138 (4)
0x130| dd 7a 05 00 | .z.. | timestamp_high: 359133 0x138-0x13c (4)
0x130| a3 2d 60 23| .-`#| timestamp_low: 593505699 0x13c-0x140 (4)
0x140|19 01 00 00 |.... | capture_packet_length: 281 0x140-0x144 (4)
0x140| 19 01 00 00 | .... | original_packet_length: 281 0x144-0x148 (4)
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| packet{}: (ipv4_packet) 0x148-0x261 (281)
0x140| 45 | E | version: 4 (valid) 0x148-0x148.4 (0.4)
0x140| 45 | E | ihl: 5 0x148.4-0x149 (0.4)
0x140| 00 | . | dscp: 0 0x149-0x149.6 (0.6)
0x140| 00 | . | ecn: 0 0x149.6-0x14a (0.2)
0x140| 01 19 | .. | total_length: 281 0x14a-0x14c (2)
0x140| e1 ea | .. | identification: 57834 0x14c-0x14e (2)
0x140| 40 | @ | reserved: 0 0x14e-0x14e.1 (0.1)
0x140| 40 | @ | dont_fragment: true 0x14e.1-0x14e.2 (0.1)
0x140| 40 | @ | more_fragments: false 0x14e.2-0x14e.3 (0.1)
0x140| 40 00| @.| fragment_offset: 0 0x14e.3-0x150 (1.5)
0x150|40 |@ | ttl: 64 0x150-0x151 (1)
0x150| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x151-0x152 (1)
0x150| 18 0f | .. | header_checksum: 0x180f (valid) 0x152-0x154 (2)
0x150| 0a 09 00 02 | .... | source_ip: "10.9.0.2" (0xa090002) 0x154-0x158 (4)
0x150| 5d b8 d8 22 | ].." | destination_ip: "93.184.216.34" (0x5db8d822) 0x158-0x15c (4)
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (tcp_segment) 0x15c-0x261 (261)
0x150| b6 d0 | .. | source_port: 46800 0x15c-0x15e (2)
0x150| 01 bb| ..| destination_port: "https" (443) (http protocol over TLS/SSL) 0x15e-0x160 (2)
0x160|fb c2 e0 52 |...R | sequence_number: 4223852626 0x160-0x164 (4)
0x160| de 55 1a e0 | .U.. | acknowledgment_number: 3730119392 0x164-0x168 (4)
0x160| 80 | . | data_offset: 8 0x168-0x168.4 (0.4)
0x160| 80 | . | reserved: 0 0x168.4-0x168.7 (0.3)
0x160| 80 | . | ns: false 0x168.7-0x169 (0.1)
0x160| 18 | . | cwr: false 0x169-0x169.1 (0.1)
0x160| 18 | . | ece: false 0x169.1-0x169.2 (0.1)
0x160| 18 | . | urg: false 0x169.2-0x169.3 (0.1)
0x160| 18 | . | ack: true 0x169.3-0x169.4 (0.1)
0x160| 18 | . | psh: true 0x169.4-0x169.5 (0.1)
0x160| 18 | . | rst: false 0x169.5-0x169.6 (0.1)
0x160| 18 | . | syn: false 0x169.6-0x169.7 (0.1)
0x160| 18 | . | fin: false 0x169.7-0x16a (0.1)
0x160| 00 e5 | .. | window_size: 229 0x16a-0x16c (2)
0x160| 40 f1 | @. | checksum: 0x40f1 0x16c-0x16e (2)
0x160| 00 00| ..| urgent_pointer: 0 0x16e-0x170 (2)
| | | options[0:3]: 0x170-0x17c (12)
| | | [0]{}: option 0x170-0x171 (1)
0x170|01 |. | kind: "nop" (1) (No operation) 0x170-0x171 (1)
| | | [1]{}: option 0x171-0x172 (1)
0x170| 01 | . | kind: "nop" (1) (No operation) 0x171-0x172 (1)
| | | [2]{}: option 0x172-0x17c (10)
0x170| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x172-0x173 (1)
0x170| 0a | . | length: 10 0x173-0x174 (1)
0x170| c8 fa fa 0d | .... | value: 3371891213 0x174-0x178 (4)
0x170| 88 06 26 a6 | ..&. | echo_reply: 2282104486 0x178-0x17c (4)
0x170| 16 03 01 00| ....| payload: raw bits 0x17c-0x261 (229)
0x180|e0 01 00 00 dc 03 03 f6 7a 28 b3 86 b3 1c 62 0d|........z(....b.|
* |until 0x260.7 (229) | |
0x260| 00 00 00 | ... | padding: raw bits 0x261-0x264 (3)
| | | options[0:0]: 0x264-0x264 (0)
0x260| 3c 01 00 00 | <... | footer_length: 316 0x264-0x268 (4)
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.[0].tcp_connections[0:2]: 0x2814-0x2814 (0)
| | | [0]{}: tcp_connection 0x2814-0x2814 (0)
| | | client{}: 0x2814-0x2814 (0)
| | | ip: "10.9.0.2"
| | | port: 46800
| | | has_start: false
| | | has_end: false
| | | skipped_bytes: 0
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
0x000|16 03 01 00 e0 01 00 00 dc 03 03 f6 7a 28 b3 86|............z(..| stream: raw bits 0x0-0x1eb (491)
* |until 0x1ea.7 (end) (491) | |
| | | server{}: 0x2814-0x2814 (0)
| | | ip: "93.184.216.34"
| | | port: "https" (443) (http protocol over TLS/SSL) 0x2814-0x2814 (0)
| | | has_start: false
| | | has_end: false
| | | skipped_bytes: 0
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
0x000|16 03 03 00 70 02 00 00 6c 03 03 75 d0 16 e2 3a|....p...l..u...:| stream: raw bits 0x0-0xe4e (3662)
* |until 0xe4d.7 (end) (3662) | |
| | | [1]{}: tcp_connection 0x2814-0x2814 (0)
| | | client{}: 0x2814-0x2814 (0)
| | | ip: "10.9.0.2"
| | | port: 46802
| | | has_start: false
| | | has_end: false
| | | skipped_bytes: 0
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
0x000|16 03 01 00 e0 01 00 00 dc 03 03 1e 0d 63 b4 1d|.............c..| stream: raw bits 0x0-0x1eb (491)
* |until 0x1ea.7 (end) (491) | |
| | | server{}: 0x2814-0x2814 (0)
| | | ip: "93.184.216.34"
| | | port: "https" (443) (http protocol over TLS/SSL) 0x2814-0x2814 (0)
| | | has_start: false
| | | has_end: false
| | | skipped_bytes: 0
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
0x000|16 03 03 00 70 02 00 00 6c 03 03 2e af a1 24 6f|....p...l.....$o| stream: raw bits 0x0-0xe4e (3662)
* |until 0xe4d.7 (end) (3662) | |
Reference in New Issue View Git Blame Copy Permalink